Security of any website out there is of the highest importance. Now, I have yet to do my research on how secure Jekyll actually is so at this very moment, the SSL cert and redirecting this blog to HTTPS is more of a ‘for a peace of mind’ and ‘so Google likes my blog more’ kinda reasons.

For the sake of this short tutorial I will presume that you already have your Jekyll blog up and running on your VPS with Ubuntu 16.04 and Apache2 web server installed on it. If so, let’s go ahead and open up the Terminal window…

Download and install Let’s Encrypt

We’re about to download Let’s Encrypt from a Git repository, so we’ll need to install Git first:

sudo apt-get install git -y

When done, we can go ahead and clone Let’s Encrypt onto our server:

sudo git clone /opt/letsencrypt

Generate new SSL certificate

Generating the SSL certificate is then fairly easy.

  1. Switch to the letsencrypt directory: cd /opt/letsencrypt
  2. Run sudo ./letsencrypt-auto --apache -d

Replace with your own domain name. If you’d like to generate an SSL certificate for both the non-www as well as the www version of your domain name add -d to the command above so it looks like so:

sudo ./letsencrypt-auto --apache -d -d

Once you hit the <ENTER> key, the script will ask you to fill in your email address and to accept the terms and conditions. You can also opt to share your email address with Electronic Frontier Foundation.

When the certificate is ready, you will be asked whether or not you’d like to have the traffic redirected from HTTP to HTTPS. This decision is yours but since it’s the whole point of installing an SSL certificate, you’d probably want to go with option 2.

Renewing your SSL certificate

Let’s Encrypt’s SSL certificates are only valid for 90 so make sure you renew before those 90 days are up. Alternatively, add a cron job to do it for you automatically every month:

  1. Open crontab for editing: sudo nano /etc/crontab
  2. Add @monthly root /opt/letsencrypt/letsencrypt-auto certonly --renew-by-default -d to it.

REMEMBER: If you have your certificate issued for non-www as well as www version of your domain name, you will need to add the -d, too!

All done. Congrats, your Jekyll site is now secured with a valid –and free– SSL certificate.